PyPI - guarddog - Versions diffs - 2.0.2__py3-none-any.whl → 2.0.3__py3-none-any.whl - Mend

guarddog 2.0.2py3-none-any.whl → 2.0.3py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

guarddog/analyzer/analyzer.py CHANGED Viewed

@@ -3,15 +3,18 @@ import logging
 import os
 import subprocess
 import yara  # type: ignore
 from collections import defaultdict
 from pathlib import Path
 from typing import Iterable, Optional, Dict
 from guarddog.analyzer.metadata import get_metadata_detectors
 from guarddog.analyzer.sourcecode import get_sourcecode_rules, SempgrepRule, YaraRule
+from guarddog.utils.config import YARA_EXT_EXCLUDE
 from guarddog.ecosystems import ECOSYSTEM
 SEMGREP_MAX_TARGET_BYTES = 10_000_000
+SOURCECODE_RULES_PATH = os.path.join(os.path.dirname(__file__), "sourcecode")
 log = logging.getLogger("guarddog")
@@ -21,7 +24,6 @@ class Analyzer:
     Analyzes a local directory for threats found by source code or metadata rules
     Attributes:
-        sourcecode_rules_path (str): path to source code rules
         ecosystem (str): name of the current ecosystem
         metadata_ruleset (list): list of metadata rule names
         sourcecode_ruleset (list): list of source code rule names
@@ -33,7 +35,6 @@ class Analyzer:
     """
     def __init__(self, ecosystem=ECOSYSTEM.PYPI) -> None:
-        self.sourcecode_rules_path = os.path.join(os.path.dirname(__file__), "sourcecode")
         self.ecosystem = ecosystem
         # Rules and associated detectors
@@ -177,8 +178,10 @@ class Analyzer:
         errors: Dict[str, str] = {}
         issues = 0
+        rule_results = defaultdict(list)
         rules_path = {
-            rule_name: os.path.join(self.sourcecode_rules_path, f"{rule_name}.yar")
+            rule_name: os.path.join(SOURCECODE_RULES_PATH, f"{rule_name}.yar")
             for rule_name in all_rules
         }
@@ -191,21 +194,28 @@ class Analyzer:
             for root, _, files in os.walk(path):
                 for f in files:
-                    matches = scan_rules.match(os.path.join(root, f))
+                    # Skip files with excluded extensions
+                    if f.lower().endswith(tuple(YARA_EXT_EXCLUDE)):
+                        continue
+                    scan_file_target_abspath = os.path.join(root, f)
+                    scan_file_target_relpath = os.path.relpath(scan_file_target_abspath, path)
+                    matches = scan_rules.match(scan_file_target_abspath)
                     for m in matches:
                         for s in m.strings:
                             for i in s.instances:
-                                rule_results = {
-                                    "location": f"{f}:{i.offset}",
+                                finding = {
+                                    "location": f"{scan_file_target_relpath}:{i.offset}",
                                     "code": self.trim_code_snippet(str(i.matched_data)),
                                     'message': m.meta.get("description", f"{m.rule} rule matched")
                                 }
                                 issues += len(m.strings)
-                                results[m.rule].update(rule_results)
+                                rule_results[m.rule].append(finding)
         except Exception as e:
             errors["rules-all"] = f"failed to run rule: {str(e)}"
-        return {"results": results, "errors": errors, "issues": issues}
+        return {"results": results | rule_results, "errors": errors, "issues": issues}
     def analyze_semgrep(self, path, rules=None) -> dict:
         """
@@ -231,7 +241,7 @@ class Analyzer:
         issues = 0
         rules_path = list(map(
-            lambda rule_name: os.path.join(self.sourcecode_rules_path, f"{rule_name}.yml"),
+            lambda rule_name: os.path.join(SOURCECODE_RULES_PATH, f"{rule_name}.yml"),
             all_rules
         ))

guarddog/analyzer/sourcecode/__init__.py CHANGED Viewed

@@ -1,4 +1,5 @@
 import os
+import re
 import pathlib
 from dataclasses import dataclass
 from typing import Optional, Iterable
@@ -20,6 +21,7 @@ class SourceCodeRule:
     """
     id: str
     file: str
+    description: str
 @dataclass
@@ -36,7 +38,6 @@ class SempgrepRule(SourceCodeRule):
     Semgrep rule are language specific
     Content of rule in yaml format is accessible through rule_content
     """
-    description: str
     ecosystem: ECOSYSTEM
     rule_content: dict
@@ -105,4 +106,12 @@ yara_rule_file_names = list(
 # all yar files placed in the sourcecode directory are loaded as YARA rules
 # refer to README.md for more information
 for file_name in yara_rule_file_names:
-    SOURCECODE_RULES.append(YaraRule(id=pathlib.Path(file_name).stem, file=file_name))
+    rule_id = pathlib.Path(file_name).stem
+    description_regex = fr'\s*rule\s+{rule_id}[^}}]+meta:[^}}]+description\s*=\s*\"(.+?)\"'
+    with open(os.path.join(current_dir, file_name), "r") as fd:
+        match = re.search(description_regex, fd.read())
+        rule_description = ""
+        if match:
+            rule_description = match.group(1)
+        SOURCECODE_RULES.append(YaraRule(id=rule_id, file=file_name, description=rule_description))

guarddog/analyzer/sourcecode/npm-obfuscation.yml CHANGED Viewed

@@ -50,8 +50,12 @@ rules:
           - pattern-not-inside: //...
           - pattern-regex: ^\s*[\[\]\(\)\+\!]{10,}\s*$
-          # hide code from sight
-        - pattern-regex: ^(.*?);?[\h]{150,};?.{10,}$
+        # hide code from sight
+        - patterns:
+          - pattern: ...
+          - pattern-not-inside: /*...*/
+          - pattern-not-inside: //...
+          - pattern-regex: ^(.*?);?[\h]{150,};?.{10,}$
     languages:
       - javascript

guarddog/analyzer/sourcecode/obfuscation.yml CHANGED Viewed

@@ -17,9 +17,11 @@ rules:
           - pattern: getattr(builtins, ...)
           # hide code from sight
-          - pattern-regex: ^(.*?);?[\h]{150,};?.{10,}$
+          - patterns:
+            - pattern: ...
+            - pattern-not-inside: '"..."'
+            - pattern-regex: ^(.*?);?[\h]{150,};?.{10,}$
-          # using decode hardcoded content
           - patterns:
               - pattern: $HEX.decode(...)
               - metavariable-regex:

guarddog/cli.py CHANGED Viewed

@@ -246,7 +246,7 @@ def _list_rules(ecosystem: ECOSYSTEM):
     table.field_names = ["Rule type", "Rule name", "Description"]
     for sc_rule in get_sourcecode_rules(ecosystem):
-        table.add_row(["Source code", sc_rule.id, getattr(sc_rule, "description", "")])
+        table.add_row(["Source code", sc_rule.id, sc_rule.description])
     metadata_rules = get_metadata_detectors(ecosystem)
     for ruleName in metadata_rules:

guarddog/reporters/sarif.py CHANGED Viewed

@@ -18,9 +18,7 @@ def build_rules_help_list() -> dict:
             detector_class = instance.__class__.__base__
             rules_documentation[name] = detector_class.__doc__
         for sourcecode_rule in get_sourcecode_rules(ecosystem):
-            rules_documentation[sourcecode_rule.id] = getattr(
-                sourcecode_rule, "description", ""
-            )
+            rules_documentation[sourcecode_rule.id] = sourcecode_rule.description
     return rules_documentation

guarddog/utils/config.py CHANGED Viewed

@@ -22,9 +22,20 @@ VERIFY_EXHAUSTIVE_DEPENDENCIES: bool = (
 This parameter specifies the location of the top packages cache
 - Default: guarddog/analyzer/metadata/resources
 """
-TOP_PACKAGES_CACHE_LOCATION = os.environ.get(
+TOP_PACKAGES_CACHE_LOCATION: str = os.environ.get(
     "GUARDDOG_TOP_PACKAGES_CACHE_LOCATION",
     os.path.abspath(
         os.path.join(os.path.dirname(__file__), "../analyzer/metadata/resources")
     ),
 )
+"""
+This parameter specifies comman separated file extentions that YARA rules will not run against
+- Default: ini,md,rst,txt,lock,json,yaml,yml,toml,xml,html,rst,csv,sql,pdf,doc,docx,ppt,
+           pptx,xls,xlsx,odt,changelog,readme,makefile,dockerfile,pkg-info
+"""
+YARA_EXT_EXCLUDE: list[str] = os.environ.get(
+    "GUARDDOG_YARA_EXT_EXCLUDE",
+    "ini,md,rst,txt,lock,json,yaml,yml,toml,xml,html,rst,csv,sql,pdf,doc,docx,ppt,"
+    "pptx,xls,xlsx,odt,changelog,readme,makefile,dockerfile,pkg-info",
+).split(",")

{guarddog-2.0.2.dist-info → guarddog-2.0.3.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: guarddog
-Version: 2.0.2
+Version: 2.0.3
 Summary: GuardDog is a CLI tool to Identify malicious PyPI packages
 Home-page: https://github.com/DataDog/guarddog
 License: Apache-2.0
@@ -24,7 +24,7 @@ Requires-Dist: pyyaml (>=6.0,<7.0)
 Requires-Dist: requests (>=2.29.0,<3.0.0)
 Requires-Dist: semantic-version (>=2.10.0,<3.0.0)
 Requires-Dist: semgrep (==1.67.0)
-Requires-Dist: setuptools (>=70.3.0,<71.0.0)
+Requires-Dist: setuptools (>=70.3,<74.0)
 Requires-Dist: tarsafe (>=0.0.5,<0.0.6)
 Requires-Dist: termcolor (>=2.1.0,<3.0.0)
 Requires-Dist: urllib3 (==2.2.2)

{guarddog-2.0.2.dist-info → guarddog-2.0.3.dist-info}/RECORD RENAMED Viewed

@@ -1,7 +1,7 @@
 guarddog/__init__.py,sha256=reb53KZG9b1nFmsDxj2fropaOceOCyM9bVMUdmZ2wS8,227
 guarddog/__main__.py,sha256=GEdfW6I6g2c3H7bS0G43E4C-g7kXGUswzDCPFSwPgHY,246
 guarddog/analyzer/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-guarddog/analyzer/analyzer.py,sha256=9GUlJGQxDnkoIs0Z04R9UpqDRUlsH-cLCEj8guNk4TU,12504
+guarddog/analyzer/analyzer.py,sha256=9cbLp0mkLIJwNgWJ41LXtO4RdjZgwOrHT2AibLwcps4,12873
 guarddog/analyzer/metadata/__init__.py,sha256=LH4oLBr2vtkGdUXkb8C6JgN35h4NmpswxE7wOOmOdrQ,581
 guarddog/analyzer/metadata/bundled_binary.py,sha256=NKwAa1QKuOG79g9up5O2JpwfZzygJZwXrBZ6w_yemkU,1835
 guarddog/analyzer/metadata/deceptive_author.py,sha256=nuFyQqKpOuBKAJxpgbcjwXt3FVLzdmOg2mioUZ1D2TI,2789
@@ -39,7 +39,7 @@ guarddog/analyzer/metadata/resources/top_pypi_packages.json,sha256=R-0P8wdW0UFj0
 guarddog/analyzer/metadata/typosquatting.py,sha256=J3X-Acago_CLjgr_-BJ0FXd3JbCtG4s4fJzaT3a62RQ,5618
 guarddog/analyzer/metadata/unclaimed_maintainer_email_domain.py,sha256=qy8AZqbVxD1U3Q--h0FYV7lKPFNlhSzfZK0GwjvQxdQ,2343
 guarddog/analyzer/metadata/utils.py,sha256=bOrkELPza4ScUx1DfQxlqU-9DQeA5weISF42c0QCtls,1768
-guarddog/analyzer/sourcecode/__init__.py,sha256=eTT2b4QDn3CHuAvqmcUduZng0F7o7wgwkJYe9p4d-Og,3396
+guarddog/analyzer/sourcecode/__init__.py,sha256=A2mbib72TDZkMIWb94Yq9lf_3xU5WOY_Gva0wHGqObE,3769
 guarddog/analyzer/sourcecode/bidirectional-characters.yml,sha256=WNQb3EzaT6GAbiMOV3lx592KNczbhIyUAAVXH9m2ygQ,1310
 guarddog/analyzer/sourcecode/clipboard-access.yml,sha256=B36E7xKtAVgwZ29UWtvZa1AJcyfrhvehbLo6tlJqffk,524
 guarddog/analyzer/sourcecode/cmd-overwrite.yml,sha256=l-tE3_G-LqCuCZnHab6v0PpCdMpoHPutBYcijeMZEA0,682
@@ -52,18 +52,18 @@ guarddog/analyzer/sourcecode/npm-dll-hijacking.yml,sha256=TPIXvWm8Ot9RVtDXWFmoNZ
 guarddog/analyzer/sourcecode/npm-exec-base64.yml,sha256=xNIwJAmGP19wvxH_w1ySgDsxrUU3GkrxRcFjjnB9fWM,576
 guarddog/analyzer/sourcecode/npm-exfiltrate-sensitive-data.yml,sha256=UP-GlZ5VykHWFebgIiHrkrQL9PdtjxR99_m2FZddmuw,3011
 guarddog/analyzer/sourcecode/npm-install-script.yml,sha256=0resBD7upjukUWsUEYv9sWLC1bCN8xD1pgCVDAxYa_I,1355
-guarddog/analyzer/sourcecode/npm-obfuscation.yml,sha256=ju-lMQA2gKEIBJBoAHo3o6GPMmgDLDO7CRZs6n0qNLk,1903
+guarddog/analyzer/sourcecode/npm-obfuscation.yml,sha256=FAW9toHYU8adzKv5E68M29OQ4sLO89GwORsXpSr2-50,2026
 guarddog/analyzer/sourcecode/npm-serialize-environment.yml,sha256=gFpr58INp44ZwxYZlIHyzpOgbVMDLv1ZRPTGAczX5dw,835
 guarddog/analyzer/sourcecode/npm-silent-process-execution.yml,sha256=qnJHGesNPNpxGa8n2kQMpttLGck-6vZjI_SsweDyk7M,3513
 guarddog/analyzer/sourcecode/npm-steganography.yml,sha256=XH0udcriAQq_6WOHAG4TpIedw8GgKyWx9gsG_Q_Fki8,915
-guarddog/analyzer/sourcecode/obfuscation.yml,sha256=GaJwPSpP_d7MLiITvbrewoD0svYzTybqgH9X8vqvQUg,1041
+guarddog/analyzer/sourcecode/obfuscation.yml,sha256=EwGwmQSftIvyDZ0BZZBT37kS7chtO99s36MfXeZ6hHw,1091
 guarddog/analyzer/sourcecode/shady-links.yml,sha256=vdY49_JXF12ACDlwKAZ-DSY3RuePerQXAClAFtXJXFY,2190
 guarddog/analyzer/sourcecode/silent-process-execution.yml,sha256=b6RjenMv7si7lXGak3uMmD7PMtQRuKPeJFggPW6UDNI,418
 guarddog/analyzer/sourcecode/steganography.yml,sha256=3ceO6SJhu4XpZEjfwelLdOxeZ4Ho1OgUjbcacwtOhR0,606
-guarddog/cli.py,sha256=P5pc_qkX_SHPHRoPnjjq7au2Vj7GYW906r7dh6ADzg4,13201
+guarddog/cli.py,sha256=TPSKAb9b6AHZB3rqtqd4zZeoCYWMYhEdCOzwFvMJQYI,13185
 guarddog/ecosystems.py,sha256=kgM4v5E8PZBQksWgzuWwODS5R7P16klDi1SGWKLy1e0,380
 guarddog/reporters/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-guarddog/reporters/sarif.py,sha256=44Ixtfk9IhHHaU0MtRLsaBUnPl23kDRuCbtWJ84Z9LA,5866
+guarddog/reporters/sarif.py,sha256=92HjvASZFyv5otB1qbsUqj6423tNgZbmSQS4qApffAw,5820
 guarddog/scanners/__init__.py,sha256=yEsDvThkIAhFkP59gSCFxYe5HTLmoSzfjAkDrtFT1LY,1628
 guarddog/scanners/go_package_scanner.py,sha256=OdCbwtjJow9AxEv34z7WBfgTamqKj5DxJh7dly_1NuY,2926
 guarddog/scanners/go_project_scanner.py,sha256=3D5dYSA7FVqc7IIM7uAHlCJZalshP_WhagWmOcYirog,2123
@@ -74,13 +74,13 @@ guarddog/scanners/pypi_project_scanner.py,sha256=NY-xO27r9xIGik7y-btoBKX54_VPSV_
 guarddog/scanners/scanner.py,sha256=7-OGs8GoRfyexEYOfVRSmV7P-7ZJDXtgj2Z1UrKGx30,10929
 guarddog/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 guarddog/utils/archives.py,sha256=jOXAhxZx-mTtpDidGGKxQg052CvaQOAVklvOeUn9HTQ,2593
-guarddog/utils/config.py,sha256=KCiGsaeautOo-1p0CSbHY5HWT8cC17-_8tqKH7hPa1E,883
+guarddog/utils/config.py,sha256=Msz7altsmNKry0vBPtL2BJ_VdBXsBFZX5ksLvXc2ix4,1403
 guarddog/utils/exceptions.py,sha256=23Kzl3exqYK6X-bcGUeb8wPmSglWNX3GIDPkJ6lQzo4,54
 guarddog/utils/package_info.py,sha256=TFjE1xsGNf60SuHlIeDV2pzMUbogl5TKJdSzswat6jI,953
-guarddog-2.0.2.dist-info/LICENSE,sha256=w1aNZxHyoyOPJ4fSdiyrr06tCJZbTjCsH9K1uqeDVyU,11377
-guarddog-2.0.2.dist-info/LICENSE-3rdparty.csv,sha256=cS61ONZL_xlXaTMvQXyBEi3J3es-40Gg6G-6idoa5Qk,314
-guarddog-2.0.2.dist-info/METADATA,sha256=3aEJ6d9_rvoJt9fVnrPzIyVgGILNXPDLCsJQEBq9scE,1417
-guarddog-2.0.2.dist-info/NOTICE,sha256=nlyNt2IjG8IBoQkb7n6jszwAvmREpKAx0POzFO1s2JM,140
-guarddog-2.0.2.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
-guarddog-2.0.2.dist-info/entry_points.txt,sha256=vX2fvhnNdkbEL4pDzrH2NqjWVxeOaEYi0sJYmNgS2-s,45
-guarddog-2.0.2.dist-info/RECORD,,
+guarddog-2.0.3.dist-info/LICENSE,sha256=w1aNZxHyoyOPJ4fSdiyrr06tCJZbTjCsH9K1uqeDVyU,11377
+guarddog-2.0.3.dist-info/LICENSE-3rdparty.csv,sha256=cS61ONZL_xlXaTMvQXyBEi3J3es-40Gg6G-6idoa5Qk,314
+guarddog-2.0.3.dist-info/METADATA,sha256=5knEEdt2PwaRult-To_Rf_KQyi8kGKcQogGj-9xKKeM,1413
+guarddog-2.0.3.dist-info/NOTICE,sha256=nlyNt2IjG8IBoQkb7n6jszwAvmREpKAx0POzFO1s2JM,140
+guarddog-2.0.3.dist-info/WHEEL,sha256=sP946D7jFCHeNz5Iq4fL4Lu-PrWrFsgfLXbbkciIZwg,88
+guarddog-2.0.3.dist-info/entry_points.txt,sha256=vX2fvhnNdkbEL4pDzrH2NqjWVxeOaEYi0sJYmNgS2-s,45
+guarddog-2.0.3.dist-info/RECORD,,

{guarddog-2.0.2.dist-info → guarddog-2.0.3.dist-info}/LICENSE RENAMED Viewed

File without changes

{guarddog-2.0.2.dist-info → guarddog-2.0.3.dist-info}/LICENSE-3rdparty.csv RENAMED Viewed

File without changes

{guarddog-2.0.2.dist-info → guarddog-2.0.3.dist-info}/NOTICE RENAMED Viewed

File without changes

{guarddog-2.0.2.dist-info → guarddog-2.0.3.dist-info}/WHEEL RENAMED Viewed

File without changes

{guarddog-2.0.2.dist-info → guarddog-2.0.3.dist-info}/entry_points.txt RENAMED Viewed

File without changes

guarddog 2.0.2__py3-none-any.whl → 2.0.3__py3-none-any.whl

guarddog 2.0.2py3-none-any.whl → 2.0.3py3-none-any.whl